Description
Reflected cross-site scripting in Jenkins Embeddable Build Status Plugin
Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.
Embeddable Build Status Plugin 2.0.4 limits URLs to http and https protocols and correctly escapes the provided value.
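An added example (not the plugin's own code) of the two controls the 2.0.4 fix describes: restricting the 'link' value to http and https, then escaping it before it is written into markup. The class and method names, the sample URLs and the anchor-wrapped badge markup are assumptions for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;

// Illustration only: hypothetical names, not the plugin's source.
public final class BadgeLinkExample {

    // Accept the 'link' value only if it is an absolute http/https URL.
    static Optional<String> allowedLink(String link) {
        if (link == null || link.isEmpty()) return Optional.empty();
        try {
            URI uri = new URI(link);
            String scheme = uri.getScheme();
            // Opaque URIs (scheme:payload) and relative values have no host.
            if (scheme == null || uri.getHost() == null) return Optional.empty();
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (scheme.equals("http") || scheme.equals("https")) {
                return Optional.of(uri.toASCIIString());
            }
        } catch (URISyntaxException e) {
            // Unparseable input is treated as "no link".
        }
        return Optional.empty();
    }

    // Escape for an HTML/XML attribute; still required for allowed URLs,
    // because '&' and '\'' are legal URI characters. '&' is replaced first.
    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Wrap the badge in a link only when the value passed validation.
    static String render(String link, String badge) {
        return allowedLink(link)
                .map(l -> "<a href=\"" + escapeAttr(l) + "\">" + badge + "</a>")
                .orElse(badge);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one allowed URL, one non-http scheme.
        String badge = "<img src=\"badge.svg\" alt=\"build status\"/>";
        String[] samples = {"https://ci.example.org/job/demo/?a=1&b='x'", "javascript:void(0)"};
        for (String s : samples) System.out.println(render(s, badge));
    }
}
```

The first sample is emitted as a link with its `&` and `'` characters escaped; the second is rejected and the badge is rendered without a link.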
Packages
Name: org.jenkins-ci.plugins:embeddable-build-status (maven)
Affected versions: < 2.0.4
Fixed version: 2.0.4
Related vulnerabilities
CVSS3: 6.1
nvd
more than 3 years ago
Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.